If you have a Single Sign-On (SSO) provider which is not Microsoft Entra ID or Google SSO, if your SSO provider supports SAML then you should be able to set up SSO via SAML to provide authentication for your users signing into Genius.

What do I need to do in my Identity Provider (e.g. Okta, AWS IAM, etc…) to set up SSO via SAML

In your Identity Provider most likely you'll need to go through the process of setting up a new application or integration. This process will vary based on who your identity provider is, but usually will follow these steps:

1.  Give your application integration a name (call it something like AVOXI Genius)
2. Give the identity provider information on how Genius integrates via SAML such as:
   • Single sign-on URL (sometimes called Application ACS URL)
     • https://genius.avoxi.com/api/v1/auth/saml/consume 
   • Audience URI (SP Entity ID)
     • https://genius.avoxi.com
   • Name ID format
     • This should be your email address
   • Should the assertion or the response be signed?
     • Genius expects both the assertion and response to be signed.

• At this point, you should be able to copy the Metadata URL and paste into the Genius SSO setup (see below) or alternatively get the Login URL and SAML Signing Certificate to set up.

What do I need to do in Genius to setup SSO via SAML?

In order to set this up, an Administrator must navigate to Home → Settings → Security Controls. From here you will see the Login Settings section. In this section, update the dropdown for Single Sign-On (SSO) to SAML and fill in the appropriate details before clicking Save.

To get started with our generic SAML interface, we will need the Metadata URL OR a Login URL & SAML Signing Certificate. 

• Preferred Setup Method
  • Metadata URL
    • This is your identity provider's metadata URL
    • E.g. For Okta, you can get this by having an Admin sign in to the Okta Admin app and generate the IDP metadata variable
• Alternative Setup Method
  • Login URL
    • This is your identity provider's login URL.
      • E.g. this is the location where the browser would be re-directed to sign in for your users. For Okta, this might be [yourorganization].okta.com. You can sign in to the Okta Admin Dashboard to generate this URL.
  • SAML Signing Certificate
    • This is the PEM Text format x509 Certificate from your identity provider.
      • IMPORTANT: Please remove the BEGIN CERTIFICATE and END CERTIFICATE lines and provide your certificate as as a single line in this text box.
      • E.g. For Okta, you can sign in to the Okta Admin Dashboard to generate the x509 Certificate in PEM Text Format.

You can also update the Login Button Label - this is the text that will show on the Sign in with SSO button. Maximum 30 characters. If no text is provided, then the button will display “Sign in with SSO”

Note: See section on Account Login below for how to set up automatic forwarding to SSO so your users will not need to click a Sign in with SSO button

Once set up to sign in via SAML, your users will be able to sign in to Genius with their credentials from their company account. Please make sure the email for their user in Genius matches the email on their company account or the user may encounter errors when logging in.